Home
The Threat-Vector-Questionnaire is used in the generation of threats in early phases of system development when there is no source code. To achieve this capability, we have developed and reviewed a large set of questions that the user needs to answer. Based on the answers to these questions, a set of relevant threats is generated.
The goal of the Threat-Vector-Questionnaire was to develop a threat generation module that can leverage software requirements to generate threats. To achieve this goal, we developed a requirements analysis and reasoning module.
The Threat-Vector-Questionnaire uses advanced natural language processing techniques (NLP) to identify requirements with security implication. This capability works with a list of requirements stored in a csv file. It then automatically identifies security related requirements and based on them, generates a set of threats relevant to the application.